-rw-r--r-- | CHANGELOG | 20 | ||||
-rw-r--r-- | Zotlabs/Module/Photo.php | 17 | ||||
-rw-r--r-- | Zotlabs/Module/Search.php | 4 | ||||
-rwxr-xr-x | boot.php | 3 | ||||
-rw-r--r-- | include/photos.php | 20 | ||||
-rw-r--r-- | include/text.php | 2 |
6 files changed, 33 insertions, 33 deletions
@@ -1,3 +1,23 @@ +Hubzilla 3.8.4 (2018-11-14) + - Fix xss issue (thanks to Eduardo) + - Implement hook in enotify to be used by superblock + - Various css fixes + - Improve photo cache handling + - Provide a function hz_syslog() to log to syslog + - Fix request_target in z_post_url() + - Fix plural handling for various languages + - Some preparatory work for zot6 + - Fix warning in gallery addon + - Fix date issue on xchan photo update in diaspora and pubcrawl addons + - Fix typos in startpage addon + - Improve activitypub addressing + - Fix taxonomy in activitypub direct messages + - Fix syntax error in diaspora addon + - New e-learning addon flashcards + - Remove DNS check for database connection during installation + - Implement timestamps for pconfig + + Hubzilla 3.8.3 (2018-11-05) - Do not count likes in forum notifications if likes notifications are disabled - Fix typo in spanish translation which broke javascript diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 95e3404fb..30e8340e2 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -4,7 +4,6 @@ namespace Zotlabs\Module; require_once('include/security.php'); require_once('include/attach.php'); require_once('include/photo/photo_driver.php'); -require_once('include/photos.php'); class Photo extends \Zotlabs\Web\Controller { @@ -89,10 +88,9 @@ class Photo extends \Zotlabs\Web\Controller { } if(! $data) { - $data = fetch_image_from_url($default,$mimetype); - } - if(! $mimetype) { - $mimetype = 'image/png'; + $x = z_fetch_url($default,true,0,[ 'novalidate' => true ]); + $data = ($x['success'] ? $x['body'] : EMPTY_STR); + $mimetype = 'image/png'; } } else { 
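Review bot: In the `if(! $data)` fallback the response is now labelled `image/png` unconditionally, so a failed fetch (`$data` becomes `EMPTY_STR`) or a non-PNG body behind `$default` is still sent out as a PNG. Whether later code copes with an empty `$data` is not visible here, so I would handle the failure explicitly, for example `if(! $x['success']) { killme(); }`, or fall back to a bundled image. Where `$default` comes from is also outside the hunk. If it can name another host, `'novalidate' => true` (by its name it skips certificate validation; confirm in `z_fetch_url`) means the bytes are unauthenticated as well. The same three lines are added after `switch($resolution)` in the `@@ -200,19 +198,22 @@` hunk, and the enclosing method starts and ends outside both hunks.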
@@ -200,19 +198,22 @@ class Photo extends \Zotlabs\Web\Controller { if(isset($resolution)) { switch($resolution) { case 4: - $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(),$mimetype); + $default = get_default_profile_photo(); break; case 5: - $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(80),$mimetype); + $default = get_default_profile_photo(80); break; case 6: - $data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(48),$mimetype); + $default = get_default_profile_photo(48); break; default: killme(); // NOTREACHED break; } + $x = z_fetch_url(z_root() . '/' . $default,true,0,[ 'novalidate' => true ]); + $data = ($x['success'] ? $x['body'] : EMPTY_STR); + $mimetype = 'image/png'; } } diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index 272bbdac1..838f9d6b9 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php @@ -227,9 +227,9 @@ class Search extends \Zotlabs\Web\Controller { } if($tag) - $o .= '<h2>' . sprintf( t('Items tagged with: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '</h2>'; + $o .= '<h2>' . sprintf( t('Items tagged with: %s'),$search) . '</h2>'; else - $o .= '<h2>' . sprintf( t('Search results for: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '</h2>'; + $o .= '<h2>' . sprintf( t('Search results for: %s'),$search) . '</h2>'; $o .= conversation($items,'search',$update,'client'); @@ -50,10 +50,9 @@ require_once('include/attach.php'); require_once('include/bbcode.php'); define ( 'PLATFORM_NAME', 'hubzilla' ); -define ( 'STD_VERSION', '3.9.4' ); +define ( 'STD_VERSION', '3.9.5' ); define ( 'ZOT_REVISION', '6.0a' ); - define ( 'DB_UPDATE_VERSION', 1225 ); define ( 'PROJECT_BASE', __DIR__ ); diff --git a/include/photos.php b/include/photos.php index d0c5f77fc..d5553b495 100644 --- a/include/photos.php +++ b/include/photos.php 
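Review bot: After `switch($resolution)` the default photo is fetched over HTTP from the site's own address (`z_root() . '/' . $default`), so each request for a default avatar makes the server call itself, again with `'novalidate' => true`. `get_default_profile_photo()` appears to return a path relative to the install, since it is joined to `z_root()`. If so, reading the file directly avoids both the round trip and the unvalidated connection: `$data = file_get_contents(PROJECT_BASE . '/' . $default);` followed by `if($data === false) $data = EMPTY_STR;`. Confirm that the path is served as-is and not rewritten before relying on this; the method body continues outside the hunk.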
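Review bot: Both `<h2>` headings now concatenate `$search` into HTML with no output encoding, so they are safe only if `$search` is already HTML-escaped where it is read, and that code is outside this hunk. The same applies to `'$s' => $s` in `search()` in include/text.php, a shared helper whose callers and template are not visible here. If the `htmlspecialchars()` calls were dropped to stop double-encoding, the encoding can stay at the sink with double encoding turned off: `htmlspecialchars($search, ENT_QUOTES, 'UTF-8', false)`. Failing that, a comment at each of the three sites should state where the value is escaped, so a later change to the input handling does not silently reopen the XSS that the CHANGELOG entry refers to.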
@@ -1011,23 +1011,3 @@ function profile_photo_set_profile_perms($uid, $profileid = 0) { } } } - -function fetch_image_from_url($url,&$mimetype) { - - $redirects = 0; - $x = z_fetch_url($url,true,$redirects,[ 'novalidate' => true ]); - if($x['success']) { - $hdrs = []; - $h = explode("\n",$x['header']); - foreach ($h as $l) { - list($k,$v) = array_map("trim", explode(":", trim($l), 2)); - $hdrs[strtolower($k)] = $v; - } - if (array_key_exists('content-type', $hdrs)) - $mimetype = $hdrs['content-type']; - - return $x['body']; - } - - return EMPTY_STR; -}
\ No newline at end of file diff --git a/include/text.php b/include/text.php index 6a6d814d7..646bfe749 100644 --- a/include/text.php +++ b/include/text.php @@ -1061,7 +1061,7 @@ function micropro($contact, $redirect = false, $class = '', $mode = false) { function search($s,$id='search-box',$url='/search',$save = false) { return replace_macros(get_markup_template('searchbox.tpl'),array( - '$s' => htmlspecialchars($s), + '$s' => $s, '$id' => $id, '$action_url' => z_root() . $url, '$search_label' => t('Search'), |